Surveillance of personal mobile comms is no big deal for telcos

Requests for the collection of personal data should not prove to be a challenge for telecommunication companies.

Requests for the collection of personal data should not prove to be a challenge for telecommunication companies.

As detailed in last week's Queen's Speech, the Government "intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses".

Information Commissioner Christopher Graham told SC Magazine there were still core decisions to be made around limiting the intrusion into people's privacy, to be sure it is compliant with the Data Protection Act on safeguarding data.

Leeor Ben-Peretz, V-P of business development at Cellebrite, said its solutions for the transfer and forensic analysis of data were complementary to what was in the bill, but a challenge may come for governments in terms of legal rights and data management.

He explained that telcos are supposed to be able to provide users with access to call logs, so the capability will not be too much of a challenge. “As long as you have the device, then you have a lot of data available and you can recover the content itself, not just meta data,” he said.

“With email or an SMS, you can recover the content itself, but with a phone call, the phone does not record the voice channel, so you cannot recover that – but there is a lot you can recover and that is helpful in a forensic investigation process.”

In terms of the legality of collecting data, Ben-Peretz said some nations and states are stricter than others.

Asked how simple it is to extract data when a device is ‘in hand' as opposed to ‘over the air', Ben-Peretz said the former scenario was the less challenging.

In terms of how surveillance can be done discreetly, Ben-Peretz said: “Extraction is complex and I split it into two areas: with physical it would not be possible as to bypass the OS it has to not be running; the other side is logical extraction, so it is possible to do it over the air, but that is phone-specific.

“Typically you need a client to do this if you want to do it over the air, so the challenge is in how you push the client remotely. It is feasible for a third party to hear when you are running an open OS like Android or Symbian, with iOS it is not so easy. Any talented app developer can do this.”